Interesting paper by Steve Bellovin - Worm propagation in a v6 internet

Mark Andrews Mark_Andrews at
Wed Feb 15 02:12:34 UTC 2006

> On Wed, 15 Feb 2006, Mark Andrews wrote:
> >     One of method missing is doing top down random walks of
> That's only easy if delegation were on a per-nybble basis, which is commonly
> not the case.  Because there are not typically NS's at every nybble level,
> you have to do more than one hex digit's worth of randomness in the scan in
> order to find a next-level delegation, increasing the cost of scanning that
> namespace quite a bit.
> (Having delegations at every nybble level would be ... alarming at best,
> given the amount of PTR redirection that implies.  :)
> -- 
> -- Todd Vierling <tv at> <tv at> <todd at>

	I suggest that you re-read RFC 1034 and RFC 1035.  A empty
	node returns NOERROR.  A non-existant node returns NXDOMAIN
	(Name Error). PTR

	causes all of the following to exist.

	A query for any of them regardless of type should return something
	other than NXDOMAIN.

	Also wildcards won't save you as it is possible to detect them.

Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at

More information about the NANOG mailing list